Ask the Experts

Ask the Experts

• How did an Electron framework flaw put Slack at risk?

  An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it.  Continue Reading

• What is included in the mPOS security standard from PCI SSC?

  The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.  Continue Reading

• Self-sovereign identity: How will regulations affect it?

  Will laws like GDPR and PSD2 force enterprises to change their identity management strategies? Expert Bianca Lopes talks regulations, self-sovereign identity and blockchain.  Continue Reading

• Will biometric authentication systems replace passwords?

  Biometric authentication systems have gained traction on mobile devices, but when will they become dominant within the enterprise? Expert Bianca Lopes weighs in on the topic.  Continue Reading

• Secure code review tips: How many review rounds are needed?

  Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices.  Continue Reading

• Do CISOs need computer science degrees?

  Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have.  Continue Reading

• What VPN alternatives should enterprises consider using?

  VPN vulnerabilities in products from popular vendors were recently found to enable serious threats. Discover how detrimental these threats are and best alternatives to the use of VPNs.  Continue Reading

• How are logic devices like WAGO PFC200 used by hackers?

  The Department of Homeland Security warned of a vulnerability affecting WAGO PFC200 logic devices. Discover how this flaw enables threat actors with expert Judith Myerson.  Continue Reading

• Zyklon malware: What Microsoft Office flaws does it exploit?

  Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson.  Continue Reading

• How can a Moxa MXview vulnerability be exploited by hackers?

  A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation.  Continue Reading

• Intel AMT flaw: How are corporate endpoints put at risk?

  A recent flaw in Intel's Advanced Management Technology enables hackers to gain access to endpoint devices. Discover how this flaw can be mitigated with expert Judith Myerson.  Continue Reading

• When does the clock start for GDPR data breach notification?

  As new GDPR data breach notification rules go into effect, companies must be ready to move faster than before. Mimecast's Marc French explains what will change and how to cope.  Continue Reading

• What will GDPR data portability mean for enterprises?

  Enforcement of the EU's Global Data Protection Regulation is coming soon. Mimecast's Marc French discusses the big questions about GDPR data portability for enterprises.  Continue Reading

• AIR-Jumper: How can security camera lights transmit data?

  Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to prevent it with expert Nick Lewis.  Continue Reading

• Com.google.provision virus: How does it attack Android devices?

  The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common Malware Enumeration may help.  Continue Reading